gcleaner | 7ab2917e0a36429679d4a6a5f333b52096a2ff367c6461340acace573ddd5333 | Triage

Sharing

General

Target

2025-02-18_e3eb6c1bcdba1d7404b7983b7ad8540f_frostygoop_poet-rat_snatch
Size

6.3MB
Sample

250218-t7pwsatmb1
MD5

e3eb6c1bcdba1d7404b7983b7ad8540f
SHA1

349ce5f77b702282b823b338ca29131fbc60e658
SHA256

7ab2917e0a36429679d4a6a5f333b52096a2ff367c6461340acace573ddd5333
SHA512

06688c071b0d2bae8a8de764000e2b69b81f836cab93a5e43cee33bd5ec476ca49ab75b34ad9e0158594efecb3ec4436feeec41bf4347167bc01f10273a5210c
SSDEEP

49152:sPJ8IaL73KtaDF+IUGacgR7UivwqO+EUTfQiNYzihzC3z5KR0obzT6YAFr6x1p8z:8J8IkD4GUIBaRGWwsQWGtzooFqJoXKh

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

185.156.73.73

Targets

- Target
  
  2025-02-18_e3eb6c1bcdba1d7404b7983b7ad8540f_frostygoop_poet-rat_snatch
- Size
  
  6.3MB
- MD5
  
  e3eb6c1bcdba1d7404b7983b7ad8540f
- SHA1
  
  349ce5f77b702282b823b338ca29131fbc60e658
- SHA256
  
  7ab2917e0a36429679d4a6a5f333b52096a2ff367c6461340acace573ddd5333
- SHA512
  
  06688c071b0d2bae8a8de764000e2b69b81f836cab93a5e43cee33bd5ec476ca49ab75b34ad9e0158594efecb3ec4436feeec41bf4347167bc01f10273a5210c
- SSDEEP
  
  49152:sPJ8IaL73KtaDF+IUGacgR7UivwqO+EUTfQiNYzihzC3z5KR0obzT6YAFr6x1p8z:8J8IkD4GUIBaRGWwsQWGtzooFqJoXKh
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader